Wednesday, January 11, 2012

OIM 11.1.1.5 User Manager API bug causes double provisioning

I wrote a post-process event handler that populates a user attribute during user creation. The event handler used the UserManager (oracle.iam.identity.usermgmt.api.UserManager) API.

import java.util.HashMap;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.Platform;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;

public class GuidGenerationPostProcEventHandler implements PostProcessHandler {
    // ... other interface methods omitted ...
    public EventResult execute(long processId, long eventId, Orchestration orchestration) {
        HashMap params = orchestration.getParameters();
        // Constants.USERID and getParameterValue() are this handler's own helpers, not OIM API
        String uid = getParameterValue(params, Constants.USERID);
        User user = new User(uid);
        user.setAttribute("Micam Unique Id", generateUniqueId()); // generateUniqueId is a private method and returns some value
        try {
            // Calling UserManager.modify() from inside the orchestration is what starts the second user-update orchestration
            UserManager usrMgrService = Platform.getService(UserManager.class);
            usrMgrService.modify(Constants.USERID, uid, user);
        } catch (Exception e) {
            // ... error handling omitted ...
        }
        return new EventResult();
    }
    // ... remaining handler code omitted ...
}

The above code worked as expected: it generated the value and populated the user attribute called "Micam Unique Id". But this code did some damage to my auto-provisioning set-up to OID. I saw two auto-provisionings initiated during the user creation event instead of one, and I could not figure out the cause. So I posted the query to the Oracle forum ( https://forums.oracle.com/forums/thread.jspa?threadID=2329154 ) and got the following answer from some of its smart users.

There is a known issue with the UserManager APIs in OIM 11.1.1.5. Using the UserManager API to update a user from within an orchestration causes another user-update orchestration to be initiated. That second user update also causes the role membership rules to be evaluated, which in turn triggers the second provisioning. The solution is to use the Entity Manager (oracle.iam.platform.entitymgr.EntityManager) API instead, which writes the attribute without starting a new orchestration. The new code snippet is given here, and it has worked fine so far.

import java.util.HashMap;
import oracle.iam.platform.Platform;
import oracle.iam.platform.entitymgr.EntityManager;
import oracle.iam.platform.kernel.OrchestrationEngine;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;

public class GuidGenerationPostProcEventHandler implements PostProcessHandler {
    // ... other interface methods omitted ...
    public EventResult execute(long processId, long eventId, Orchestration orchestration) {
        HashMap mapAttrs = new HashMap();
        mapAttrs.put("Micam Unique Id", generateUniqueId()); // generateUniqueId is a private method and returns some value
        try {
            String userKey;
            if (!orchestration.getOperation().equals("CREATE")) {
                // On MODIFY and other operations the orchestration target already carries the user key
                userKey = orchestration.getTarget().getEntityId();
            } else {
                // On CREATE the user key only exists as the result of the create action
                OrchestrationEngine orchEngine = Platform.getService(OrchestrationEngine.class);
                userKey = (String) orchEngine.getActionResult(processId);
            }
            // EntityManager updates the attribute directly, so no second user-update orchestration is started
            EntityManager entMgrService = Platform.getService(EntityManager.class);
            entMgrService.modifyEntity(orchestration.getTarget().getType(), userKey, mapAttrs);
        } catch (Exception e) {
            // ... error handling omitted ...
        }
        return new EventResult();
    }
    // ... remaining handler code omitted ...
}

As of writing this blog, there is no UserManager or EntityManager API documentation available from Oracle. So good luck.

2 comments:

  1. How can I integrate a C# .NET desktop application with Oracle Access Manager for authentication and authorization control?

  2. There is an "AccessServer SDK API" available in OAM 10g, which can be called from a C# .NET application to enforce the authentication and authorization. I do not know the fate of those APIs in 11g.
